<?php
session_start();

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  // Get our Admin Specific Includes
  require('incs/admin.config.inc.php');
  require('../incs/config.inc.php');
  require('../incs/db.inc.php');
  require('incs/admin.classes.inc.php');

  // Check for actions
  require('incs/admin.checkactions.inc.php');

  // Lets get our common $_GET values and sanitize them
  $faq = sanitize_paranoid_string($_GET['faq']); // Selected FAQ
  $ca = sanitize_paranoid_string($_GET['ca']); // Category
  $qn = sanitize_paranoid_string($_GET['qn']); // Question
  $view = sanitize_paranoid_string($_GET['view']); // View Type
  $action = sanitize_paranoid_string($_GET['action']); // Action
  $mod = sanitize_paranoid_string($_GET['mod']); // Action
  $type = sanitize_paranoid_string($_GET['type']); // Type
  $user = sanitize_paranoid_string($_GET['user']); // Type
  $posted = $_GET['posted']; // Posted
  $message = $_GET['message']; // Submitted Messages

  $ip = $_SERVER['REMOTE_ADDR'];

  $smarty = new Smarty;

  $smarty->compile_check = false;
  $smarty->debugging = false;

  $SmartyCompileDir = "$AdminFullPath/skins/$AdminSkin/skins_c";
  $smarty->compile_dir = $SmartyCompileDir;

  require('../incs/common.inc.php');

  $smarty->assign("DefaultSkin","$AdminSkin");
  $smarty->assign("message","$message");
  $smarty->assign("action_msg","$action_msg");
  $smarty->assign("mod","$mod");
  $smarty->assign("SiteTitle","$AdminOrbitFAQTitle");
  $smarty->assign("AdminFullPath","$AdminFullPath");
  $smarty->assign("OrbitFAQVersion","$orbitfaq_version");
  $smarty->assign('FAQmods',$faqmods);
  $smarty->assign('FAQtoplinks',$faqtoplinks);

  // First Thing we need to do is check that they are authenticated to login

  // Let check if the IP is banned to access the Admin Panel
  // First we make sure the BannedUser variable is not set
  // as a GET variable.
  if($_GET['BannedUser'] == '')
    {

      $BannedUser = checkBanList($ip);
      $smarty->assign("BannedUser","$BannedUser");

    }
  else
    {
      $BannedUser = '0';
      $smarty->assign("BannedUser","$BannedUser");
    }

  // If the BannedUser variable is 0 then dont even show the login form.
  if($BannedUser == '0')
    {
      $smarty->assign("OrbitFAQTitle","Your IP Has Been Banned");
      $message = "You are trying to access the system via a Banned IP Address.";
      $smarty->assign("message","$message");

      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_bannedip.tpl";
      $smarty->display("file:$smarty_template_file");

      clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
      exit;
    }

  // Let check if the username has to access the Admin Panel
  // First we make sure the AuthUser variable is not set
  // as a GET variable.
  if($_GET['AuthUser'] == '')
    {

      $accesslvl = $_SESSION['orbitfaq_accesslevel'];
      $AuthUser = checkAuthentication($accesslvl);
      $smarty->assign("AuthUser","$AuthUser");
      $smarty->assign("AccessLvl","$accesslvl");

      $orbitfaq_userid = $_SESSION['orbitfaq_userid'];
      $smarty->assign("AuthUserID","$orbitfaq_userid");

    }
  else
    {
      $AuthUser = '0';
      $smarty->assign("AuthUser","$AuthUser");

      // Tell the user that they are being bad
      $message = "You are trying to access the system through dodgy methods!! Thats not very nice! Your IP Address has been recorded in the Banlist!!";

      if($BanInvalidAuthUser == '1')
        {

          $query_add = "INSERT INTO `orbitfaq_banlist` ( `ban_type`, `detail`)VALUES('ip','$ip');";
          $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");

        }

      $smarty->assign("OrbitFAQTitle","You Are One Dodgy Person!!");
      $smarty->assign("message","$message");

      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_bannedip.tpl";
      $smarty->display("file:$smarty_template_file");

      clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
      exit;

    }

  // If the AuthUser variable is 0 then show the login
  if(($AuthUser == '0')AND($action != 'login')AND($action != 'logout'))
    {

      $smarty->assign("OrbitFAQTitle","Login");

      if($message == '')
        {
          $message = 'You are not authenticated to access this page, please log in.';
        }

      $smarty->assign("message","$message");

      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_loginform.tpl";
      $smarty->display("file:$smarty_template_file");

      clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
      exit;
    }

  // All User/IP Validation is complete so we can now start
  // the real stuff.
  if($mod != '')
    {
      require("modules/$mod/index.php");
      $smarty->assign("OrbitFAQTitleImage","$mod");
    }
  else
    {
      require("modules/frontpage/index.php");
      $smarty->assign("OrbitFAQTitleImage","frontpage");
    }

  // Do Not Cache - turn off after dev
  $smarty->caching = 0;

  // Load our Template
  $smarty->display("file:$smarty_template_file");

  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
  exit;

?>
